Abstract

Networked  embedded  systems  are  composed  of  a large  num- 
ber of  physically  distributed  nodes  that  interact  with  the  phys- 
ical world  via  a set  of  sensors  and  actuators,  have  their  own 
computational  capabilities,  and  communicate  with  each  other 
via  a wired  or  wireless  network.  Monitoring  and  diagnosis 
for  such  systems  must  address  several  challenges  caused  by 
the  distribution  of  resources,  communication  limitations,  and 
node  and  link  failures.  This  paper  presents  a distributed  di- 
agnosis framework  that  exploits  the  topology  of  a physical 
system to be diagnosed to limit inter-diagnoser communication
and compute diagnoses in an anytime and any information
manner, making it robust to communication and processor
failures. The framework adopts the consistency-based diagnosis
formalism and develops a distributed constraint satisfaction
realization of the diagnosis algorithm. Each local
diagnoser  first  computes  locally  consistent  diagnoses,  tak- 
ing into  account  local  sensing  information  only.  The  local 
diagnosis  sets  are  reduced  to  globally  consistent  diagnoses 
through  pairwise  communications  between  local  diagnosers. 
The  algorithm  has  been  successfully  demonstrated  for  the  di- 
agnosis of  paper  path  faults  for  the  Xerox  DC265  printer. 

Introduction 

Our  diagnostic  research  is  motivated  by  existing  and  emerg- 
ing applications  of  networked,  embedded  systems.  In  such 
systems  the  physical  plant  is  composed  of  a large  number 
of  distributed  nodes,  each  of  which  performs  a moderate 
amount  of  computation,  collaborates  with  other  nodes  via 
a wired  or  wireless  network,  and  is  embedded  in  the  phys- 
ical world  via  a set  of  sensors  and  actuators.  Examples 
include  distributed  sensor  networks  (Chu,  Haussecker,  & 
Zhao  2001),  complex  electromechanical  systems  with  em- 
bedded controllers  (Zhao  et  al.  2001),  data  networks,  smart 
matter  systems  (Jackson  et  al.  2001),  and  ad-hoc  wireless 
networks  of  consumer  devices.  Such  systems  present  a num- 
ber of  interesting  new  challenges  for  diagnostic  systems.  A 
moderate amount of computation is potentially available, but
it  is  partitioned  into  embedded  chunks  that  range  in  size 
from  tiny,  in  the  case  of  smart  dust  sensor  motes  (Kahn, 
Katz,  & Pister  1999)  to  moderate  in  the  case  of  consumer  de- 
vices. Communication  between  nodes  is  available,  but  may 
involve  unreliable  delivery,  power-constrained  wireless  net- 
works, or  large,  complex  topologies  requiring  multiple  hops 
to connect two arbitrary nodes. Finally, nodes might leave
the network dynamically and nodes of a previously unseen
type  might  join  in  their  place. 

In  this  paper,  we  consider  how  we  might  apply  techniques 
from  model-based  diagnosis  to  these  types  of  problems.  In 
general,  traditional  model-based  techniques  are  centralized. 
They  assume  that  the  diagnostic  algorithm  is  run  on  a sin- 
gle processing  unit  that  has  access  to  observations  from  all 
sensors  in  the  physical  plant.  In  the  next  two  sections  of 
the  paper,  we  briefly  discuss  centralized,  model-based  tech- 
niques and  discuss  how  they  cause  scalability,  robustness 
and  reconfigurability  problems  if  employed  directly  on  net- 
worked, embedded  systems.  We  then  present  a set  of  use- 
ful properties  for  diagnostic  algorithms  for  such  systems. 
In  the  fourth  section,  we  present  a simple  formulation  for 
diagnosis  of  discrete,  distributed  systems  in  order  to  mo- 
tivate discussion  and  map  the  formulation  onto  distributed 
constraint  satisfaction  and  distributed  constraint  optimiza- 
tion. We  next  propose  an  algorithmic  framework  for  dis- 
tributed diagnosis  that  operates  in  an  anytime  manner  and  is 
robust  to  communication  and  processor  failures.  We  dis- 
cuss the  communications  requirements  for  the  framework 
and  compare  performance  results  for  one  instantiation  of  the 
distributed  diagnosis  framework  against  a centralized  diag- 
noser. In  the  related  work  section,  we  discuss  why  exist- 
ing distributed  constraint  satisfaction  and  optimization  algo- 
rithms are  not  well  suited  for  distributed  diagnosis  of  net- 
worked, embedded  systems.  We  finally  discuss  two  open 
areas  for  future  work.  The  contributions  of  this  paper  are 
that  it  illustrates  the  interesting  features  of  networked,  em- 
bedded systems  that  make  them  challenging  for  traditional 
model-based diagnosis techniques, it presents a simple formulation
of the distributed diagnosis problem for these types
of  systems  and  relates  it  to  distributed  constraint  satisfaction 
and  optimization,  it  presents  a class  of  robust,  anytime  al- 
gorithms for  performing  diagnosis,  and  it  illustrates  prelim- 
inary diagnostic  results  on  a model  of  a real  physical  system 
with  comparisons  to  an  existing  centralized  diagnoser. 

Model-based  Diagnosis 

The  objective  of  diagnosis  is  to  determine  the  state  of  a phys- 
ical plant  such  as  a printer,  aircraft  or  network,  based  upon 
the  current  sensor  readings  from  the  plant  and  prior  knowl- 
edge about  the  plant’s  structure  and  behavior.  In  order  for 
the diagnosis to be useful for on-line control of the plant,
accurate diagnoses must be generated in a time-critical manner
using the available computational resources. In most
model-based  diagnostic  techniques,  prior  knowledge  about 
the  physical  plant  consists  of  a description  of  the  behav- 
ior of  each  component  of  the  plant,  including  normal  and 
faulty  behaviors,  and  the  interconnections  between  compo- 
nents (Hamscher,  Console,  & de  Kleer  1992).  Partial  ob- 
servability presents  the  main  challenge  of  diagnosis.  Faults 
in  a component  may  not  be  directly  observable,  and  in- 
stead may  cause  changes  in  the  behavior  of  the  plant  that 
propagate  through  several  components  before  becoming  ob- 
servable at  a sensor.  To  perform  diagnosis,  the  component 
models  are  combined  into  a global  store,  observations  are 
obtained  from  the  physical  plant,  and  a centralized  algo- 
rithm is  applied  to  find  a system-wide  diagnosis.  We  be- 
lieve this  very  abstract  description  captures  many  diagnostic 
formalisms,  including  logic-based  formalisms  such  as  those 
based  upon  (de  Kleer  & Williams  1989)  or  (Reiter  1987), 
bond  graphs  (Mosterman  & Biswas  1997)  and  many  others. 
Throughout this paper we will use a formalism and examples
consistent with GDE (de Kleer & Williams 1987) and
its  descendants,  keeping  in  mind  the  general  properties  of 
centralized,  model-based  diagnosis  that  are  at  issue. 

Figure  1 on  the  next  page  schematically  illustrates  a small 
model  for  the  kind  of  traditional  problem  we  might  attack 
with a model-based diagnoser. The 24 boxes represent
rollers,  gears,  motors,  sensors  and  other  devices  in  a printer 
paper  path.  For  example,  the  acRoll  acquires  a sheet  of  pa- 
per from  the  paper  tray  and  transports  it  to  the  feedRoll, 
driven  by  the  acBelt.  We  have  developed  a simple  diagnos- 
tic application  for  this  paper  path  system  using  L2  (Kurien  & 
Nayak  2000),  a centralized,  GDE-style  diagnoser  developed 
by NASA. Each component is modeled by a finite state machine
augmented with finite domain variables that describe
its  behavior.  Arcs  between  components  in  Figure  1 repre- 
sent interactions  between  components,  for  example  convey- 
ing that  the  acRoll  receives  an  angular  velocity  from  the  ac- 
Belt. This  is  represented  by  a constraint  between  the  cor- 
responding variables.  There  are  five  sensors  that  report  the 
time  of  arrival  of  a sheet  of  paper  at  various  points  in  the 
paper  path. 

To  perform  diagnosis  with  L2  and  this  model,  observa- 
tions as  to  when  or  if  the  paper  arrived  at  various  points  in 
the path would first be obtained from the printer's sensors
via  its  internal  data  bus  and  sent  to  an  external  processor 
running  L2.  The  values  would  be  discretized  and  assigned 
to  the  corresponding  variables  in  the  constraint  system.  A 
constraint  optimization  algorithm  would  be  applied  to  the 
updated  constraint  system  to  find  assignments  to  the  vari- 
ables that  are  consistent  with  the  observations.  Such  an  as- 
signment might  represent  that  the  paper  was  late  at  the  first 
sensor  because  the  feedMotor  is  slow,  slowing  down  both 
the  acRoll  and  the  feedRoll.  This  information  could  then 
be  used  to  perform  maintenance,  or  in  systems  with  redun- 
dancy, to  reconfigure  the  system  for  robust  control.  In  ad- 
dition to  this  small  demonstration,  we  have  applied  similar 
diagnostic  techniques  to  spacecraft  (Bernard  et  al.  1998), 
chemical processing plants (Goodrich & Kurien 2001), scientific
instruments, and other electromechanical systems to
assist in robust control.

Given a set of component models and a centralized diagnoser C:

1. C combines the component models in a central store

2. Observations are collected from the physical system

3. C computes the system-wide diagnoses

Figure 2: Centralized Diagnosis of a Centralized System

Given a set S of currently connected components and a centralized
diagnoser C:

1. ∀S, S forwards its component model to C

2. C combines the component models in a central store

3. ∀S, S forwards its observations to C

4. C computes the system-wide diagnoses

5. ∀S, C projects the variables of interest to S from the diagnoses
and forwards them to S

Figure 3: Centralized Diagnosis of a Networked System

Challenges  of  Monitoring  and  Diagnosing 
Networked,  Embedded  Systems 

Suppose  we  would  like  to  perform  diagnosis  for  a recon- 
figurable,  networked,  embedded  system.  Such  systems  are 
constructed  such  that  each  component  is  locally  controlled 
by  a small,  embedded  processor  which  coordinates  with 
other  processors  via  a potentially  unreliable  network.  In  ad- 
dition, components  and  their  processors  might  be  unplugged 
and  replaced  with  upgraded  versions  from  time  to  time.  Ex- 
amples of  such  systems  are  ad-hoc  wireless  networks,  modu- 
lar robots,  and  more  conventional  systems  such  as  intranets. 
Even  traditional  electro-mechanical  systems  such  as  printers 
and  automobiles  now  contain  on-board  networks,  embedded 
sensing  and  tens  or  hundreds  of  local  controllers. 

We  can  provide  diagnostic  information  to  the  local  con- 
trollers of  such  a system  using  centralized  diagnosis  via  the 
process  outlined  in  Figure  3.  First,  a centralized,  global  di- 
agnosis problem  is  created  by  assembling  a global  model  of 
the  components  within  a centralized  diagnoser.  The  obser- 
vations are  centrally  collected  and  a diagnosis  or  set  of  diag- 
noses are  computed  by  the  centralized  diagnoser.  Aspects  of 
the centralized, global diagnosis are then distributed back
to  the  local  controllers. 

This  approach  makes  several  assumptions.  First,  there 
must  exist  a processor  large  enough  to  store  the  global  diag- 
nostic model  and  run  the  centralized  diagnostic  algorithm. 
If  this  processor  fails,  it  must  be  acceptable  for  no  further 
diagnoses  to  be  generated.  Second,  there  must  exist  a cen- 
tral bus  or  buses  with  sufficient  capacity  to  forward  all  data 
needed  for  diagnosis  to  the  central  processor.  If  a bus  fails, 
the data needed to diagnose and recover from the failure must
be located on the near side of the bus with respect to the
diagnostic processor, or it must be acceptable for no further
diagnoses to be generated for the bus and the far side components.
Finally, the set of components to be diagnosed must
be represented using the same formalism, and in most applications
must be known a priori.

Figure 1: Paper Path Model in Xerox DC265ST Printer

With  networked,  embedded  systems,  all  of  these  assump- 
tions may  be  false.  Each  processor  in  the  plant  may  be  quite 
small.  If  a processor  fails,  we  may  require  the  components 
attached  to  remaining  processors  to  continue  operating  in 
a full  diagnosis  and  control  cycle.  If  the  network  is  bifur- 
cated, we  may  require  that  each  half  of  the  plant  continues 
operations  to  the  extent  possible  and  works  to  resolve  the 
failure  with  the  locally  available  information.  New  compo- 
nents might  join  into  the  network  at  any  time  by  publishing 
their capabilities such as described by JINI (Sun Microsystems
Inc 1999).

These  issues  suggest  an  approach  wherein  we  do  not  arti- 
ficially centralize  the  problem  but  allow  a local  diagnoser  to 
be  associated  with  each  system  processor.  Each  local  diag- 
noser finds  a partial  diagnostic  solution  using  a model  of  the 
locally  controlled  portion  of  the  plant  and  the  locally  avail- 
able observations.  Communication  is  then  required  to  re- 
fine the  partial  diagnostic  solution  into  a diagnosis,  in  effect 
making  use  of  observations  and  models  local  to  other  diag- 
nosers.  We  next  suggest  themes  for  dividing  and  coordinat- 
ing the  diagnostic  process  to  maximize  scalability,  robust- 
ness and  reconfigurability,  based  upon  our  experience  with 
both  diagnosis  and  networked,  embedded  systems. 

• Scalability 

Dividing  the  diagnostic  problem  among  local  diagnosers 
allows  us  to  apply  multiple  processors  and  potentially  ad- 
dress computational  scalability  problems  caused  by  the 
small  processors  we  may  encounter  in  some  embedded 
systems.  To  address  communication  scalability  issues, 
we  seek  to  exploit  the  topology  of  the  physical  plant. 
We would like to arrange that two local diagnosers need
communicate only if the subsystems of the physical plant
they  correspond  to  are  physically  interconnected  or  share 
data.  Thus  the  structure  of  our  diagnostic  architecture 
will  mimic  the  physical  topology  of  the  plant  being  di- 
agnosed. For  the  type  of  engineered  systems  that  are  typ- 
ically amenable  to  diagnosis,  physical  scalability  is  ac- 
complished by  modularizing  subsystems  and  connecting 
them  through  fairly  narrow  physical  interfaces  (power, 
data,  physical  support).  By  respecting  these  interfaces, 
we  expect  our  communication  needs  for  moving  diagnos- 
tic data  to  scale  as  well  as  the  underlying  physical  plant. 

• Robustness 

A diagnostic  architecture  must  be  extremely  robust  to  fail- 
ure and  able  to  operate  in  an  anytime  and  any  information 
manner.  This  can  be  accomplished  with  refinement.  We 
would  like  to  arrange  that  each  diagnoser  locally  produce 
a superset  of  the  diagnoses  that  a global  diagnoser  would 
produce  for  the  local  components.  Communication  with 
other diagnosers is then used only to prune the local diagnosis
set. This yields several important properties. First,
the  diagnostic  process  can  be  interrupted  at  any  time  and 
each  diagnoser  will  contain  the  true  diagnosis  plus  possi- 
ble imposters.  This  is  an  important  safety  feature  in  do- 
mains where  taking  action  based  upon  a false  negative  can 
cause  serious  harm.  Second,  if  diagnosers  fail,  then  the 
remaining  diagnosers  will  simply  produce  coarser  (more 
conservative)  estimates  of  the  possible  states  of  their  com- 
ponents. Third,  if  the  system  is  bifurcated  due  to  a com- 
munication failure,  then  each  half  will  produce  all  diag- 
noses consistent  with  the  reachable  diagnosers  and  any 
state  of  the  other  half  of  the  system. 

• Reconfigurability 

A side effect of employing local diagnosers that communicate
via opaque interfaces defined by the physical plant
is natural support for modular or reconfigurable plants.
Intuitively, a connected subset of the components of Figure 1
may be disconnected from the plant and replaced by
new hardware with a different model, so long as the physical
and diagnostic interface at the point of disconnection
is maintained. In addition, this opens the possibility of
participation by different implementations of the same diagnostic
algorithm or even different algorithms participating
in a diagnosis. The latter would of course require an
interface that is semantically meaningful for all participating
diagnosers. However, even the former capability
might be useful in allowing vendors of components that
are likely to be connected (e.g. data network components
or power distribution components) to create diagnosers
that can collaborate.

Figure 4: Automaton Representing A Single Valve

We  believe  these  properties  will  be  of  interest  as  we  begin  to 
investigate  applications  involving  very  large  numbers  of  em- 
bedded processors  communicating  via  networks.  In  the  next 
section  we  introduce  a simple  formalization  that  will  allow 
us to discuss algorithmic directions for this type of problem.

Centralized  Formulation 

Our  approach  to  distributed  qualitative  diagnosis  follows  the 
centralized  diagnostic  formalism  developed  in  (de  Kleer  & 
Williams  1989)  and  extended  in  (Williams  & Nayak  1996) 
and  (Kurien  & Nayak  2000).  To  motivate  our  distributed 
algorithms,  we  begin  with  a brief  overview  of  the  central- 
ized technique,  summarized  from  (Kurien  & Nayak  2000). 
Suppose we would like to diagnose the state of a single component,
a valve, which is qualitatively modeled via the finite
state  machine  illustrated  in  Figure  4.  We  refer  to  each  possi- 
ble discrete  state  of  a component  as  a mode.  A valve  v has 
three  modes,  open,  closed,  and  stuckClosed.  The  behav- 
ior of  the  flow  of  the  valve  within  each  mode,  which  has  the 
discrete  domain  {zero,  nonzero},  can  be  captured  with  the 
following  propositional  formulae. 

$$
\begin{aligned}
v = open &\Rightarrow flow_v = nonzero \\
v = closed &\Rightarrow flow_v = zero \\
v = stuckClosed &\Rightarrow flow_v = zero
\end{aligned}
$$

If $flow_v$ is observable from the physical plant, we will refer
to this variable as an observation. In order to represent the
non-determinism of the automaton within a propositional
framework, the encoding introduces an assumption variable
$a_v$. Intuitively, $a_v$ represents the choice that Nature makes
as to whether valve v will behave normally or experience a
failure when it is commanded. The transition portion of the
automaton can thus be captured by the following formulae.

$$
\begin{aligned}
a_v = normal \Rightarrow {} & \\
& v_t = closed \land cmd_t = open \Rightarrow v_{t+1} = open \\
& v_t = closed \land cmd_t \neq open \Rightarrow v_{t+1} = closed \\
& v_t = open \land cmd_t = close \Rightarrow v_{t+1} = closed \\
& v_t = open \land cmd_t \neq close \Rightarrow v_{t+1} = open \\
& v_t = stuckClosed \Rightarrow v_{t+1} = stuckClosed \\
a_v = stick \Rightarrow {} & v_{t+1} = stuckClosed
\end{aligned}
$$

Figure 5: Variable Connectivity In a Global Model

Intuitively, the diagnostic task is to find a set of assignments
to the assumptions, here $\{a_v\}$, such that the model is consistent
with the observations, here $\{flow_v\}$. For example, suppose
$v_t = closed$ and we command the valve open, represented
by $cmd_t = open$. The plant assigns $\Omega$ as $flow_v = zero$.
The only consistent assignment to $a_v$ is $a_v = stick$ and we
diagnose that the valve is stuck closed. If we wish to model multiple
automata, we introduce a mode and assumption for each automaton
and compile all automata into a set of formulae that
may share variables. For example, two valves in series share
the same flow. Figure 5 visualizes the compilation of the device
constraints into a global constraint system model. Each
node represents a finite domain variable. Two nodes are connected
by an edge if the two variables appear in a constraint
together, denoting that the possible values of the variables
are related by interacting together in some physical process
or the transmission of data. Note that a realistic model such
as that of Figure 5 contains many observations and assumptions,
and many assignments may be consistent. More formally,
let A denote the set of assumptions, O denote the set
of observations, and F denote the formulae describing the
plant. Given an assignment $\Omega$ to O created by observing
the plant, a diagnosis D is an assignment to A such that the
following propositional formula is consistent:

$$
\bigwedge_{a_i \in A} (a_i = d_i) \;\land\; \bigwedge_{o_j \in O} (o_j = \omega_j) \;\land\; F .
$$

To perform diagnosis over multiple components, we must
find an assignment to each a that renders the set of formulae
consistent with all observations. Intuitively, we assign the
observations reported by the physical plant, $\Omega$, to the variables
of the graph corresponding to observations, O, then
reassign the assumption variables, A, until the constraint system
illustrated in Figure 5 becomes consistent. Thus in this
diagnosis framework, diagnosis can be viewed as a constraint
satisfaction problem.

A second diagnostic task is to find the most likely diagnoses.
For each assumption assignment we can associate
the prior probability of the event the assumption represents.
Thus, $P(a_v = stick)$ denotes the prior probability of the valve
sticking. Assuming conditional independence, the probability
of a diagnosis is defined as follows.

$$
P(D) = \prod_{a_i \in D} P(a_i = d_i)
$$

Given multiple components, we must find the assignment to
each a that renders the set of formulae consistent with all
observations such that the probability of the assignment is
maximal. Intuitively, we assign the observations reported
by the physical plant, $\Omega$, to the variables of the graph corresponding
to observations, O, then choose among the possible
reassignments of assumption values to assumption variables,
A, until the constraint system illustrated in Figure 5
becomes consistent. The choice of which assumption to reassign
and to which value to assign it is based upon the probability
of the possible assignments. In this case, diagnosis
can be viewed as a constraint optimization problem.

Distributed  Diagnosis 

In this paper, we propose splitting the global diagnostic process
into a number of cooperating local diagnostic processes.
In order to distribute the problem, we divide the global
diagnoser which produces assignments to A into a set of local
diagnosers which make assignments to a subset of A. Intuitively,
we partition the edges of Figure 5. If a node is connected
to edges in more than one partition, it is replicated
and the partitions must reach consensus on its value. More
formally, a local diagnoser L is described by $(F_L, V_L, A_L,
O_L, R_L)$ where $F_L$ is the subset of F assigned to L, $V_L$
denotes the set of variables that appear in $F_L$, $A_L$ denotes
$A \cap V_L$, $O_L$ denotes $O \cap V_L$ and $R_L$ denotes the union of
$V_L \cap V_M$ over all other diagnosers M. Figure 6 illustrates a
possible partitioning of the constraint graph of Figure 5. The
slightly darker nodes indicate the members of $R_L$, shared
variables that have been replicated. Given a fixed number
of diagnosers or the maximum number of constraints a diagnostic
processor can accommodate, we can use a graph partitioning
algorithm (Sanchis 1989) to find a partitioning of
the graph that attempts to minimize $R_L$ for each diagnoser.

Our approach to finding consistent diagnoses in a distributed
fashion is refinement based. Intuitively, each local
diagnoser finds the diagnoses for the locally modeled component
that are consistent with the constraints of the local
model and the local observations. This is a superset of the
diagnoses for the local components that are consistent with
all constraints and observations. Each local diagnoser then
communicates directly with other diagnosers to further reduce
the set of consistent diagnoses for the local components.
We would like that the diagnoses start with a superset
of the globally consistent diagnoses and move toward only
the globally consistent diagnoses. We define the relationships
conservative and feasible between the diagnoses
produced by a global diagnoser and the diagnoses produced
by a local diagnoser. A local diagnosis set $D_L$ is conservative
with respect to the global diagnosis set $D_G$ if

$$
\forall \delta_G \in D_G : \; \Pi_{A_L}(\delta_G) \in D_L
$$

where $\Pi$ is the projection operator. That is, the assignments
made to the assumptions local to L by a global diagnosis
must also be made by a local diagnosis. A local diagnosis
set $D_L$ is feasible if the assignments made to the local
assumptions are contained in a consistent global diagnosis.
More formally,

$$
\forall \delta_L \in D_L \;\; \exists \delta_G \in D_G : \; \Pi_{A_L}(\delta_G) = \delta_L .
$$

1. Given observation set $\Omega$, if $o_j \in O_L$, assign $o_j = \omega_j$ in L.

2. $\forall L$, if $O_L$ compute all assignments to $A_L \cup R_L$ s.t.
$\bigwedge_{o_j \in O_L} (o_j = \omega_j) \land \bigwedge_{a_i \in A_L} (a_i = d_i) \land \bigwedge_{r_i \in R_L} (r_i = \rho_i) \models F_L$

3. For each $r \in R_L$, for each other diagnoser M, if $r \in V_M$ send
all $R_L$ assignments to M.

4. In each such M, compute all assignments such that
$\bigwedge_{r_i \in R_L} (r_i = \rho_i) \land \bigwedge_{a_k \in A_M} (a_k = d_k) \land \bigwedge_{r_k \in R_M} (r_k = \rho_k) \models F_M$

5. If the consistent $R_M$ assignments decreased in step 4, return
to step 3, substituting M for L.

Figure 7: Consistency-based, Anytime Diagnosis

Incremental  Consistency 

We  next  discuss  an  algorithmic  framework  for  incrementally 
revising a set of conservative diagnoses into a set of feasible
diagnoses in a robust, anytime, distributed manner, followed
by  results  from  one  particular  instantiation  of  this  frame- 
work. The  approach  of  the  algorithmic  framework  is  similar 
in  spirit  to  Waltz’s  algorithm  (Waltz  1975).  Each  set  of  di- 
agnoses is  monotonically  reduced  toward  a feasible  set  as  a 
side  effect  of  spreading  consensus  on  the  value  of  variables 
shared  between  diagnosers.  The  algorithm  is  illustrated  in 
Figure  7. 

The algorithm operates by incrementally reducing the
possible assignments to $A_L$ for all L, first by introduction
of observations and second by communication between diagnosers.
Each local diagnoser begins with a conservative
local diagnosis set in $A_L$. Typically this would be all possible
diagnoses, which can be implicitly captured by an appropriate
encoding of the constraint set $F_L$. In Step 1, observations
are assigned in every diagnoser which has constraints
involving an observation. In Step 2, the observation assignments
are used to compute all assignments to $A_L \cup R_L$ that
are consistent with $F_L$ and the observations received by L.
Note that the projection of $A_L$ from these assignments is a
conservative diagnosis set. Intuitively, suppose an assignment
to $A_L$ appears in a global diagnosis but is not computed
by L. If it is not computed, it must be inconsistent with
$F_L$ and the assignments to $O_L$. It is therefore inconsistent
with F and the assignments to O, and could not appear in a
global diagnosis. In Step 3, the assignments to $R_L$ are projected
out of the consistent assignments of L and forwarded
to each other diagnoser M that references these variables. In
Step 4, M eliminates a subset of its assignments that are not
feasible. Intuitively, an assignment $\alpha$ to $A_M$ is not feasible
if there is no assignment to A containing $\alpha$ that is consistent
with F and O. If $\alpha$ constrains a variable in $R_L$ to
have a value that was not received from L, then $\alpha$ is inconsistent
with all consistent assignments to $A_L$. Thus, each
time Step 4 is performed, infeasible assignments to $A_M$ are
eliminated. Each diagnoser begins with a conservative set
of assignments to $A_L$, and as rounds of communication are
performed, the local diagnoses are moved toward feasibility
in an anytime manner. Per Step 5, the algorithm continues as
long as consistent assignments are eliminated. In the worst
case, each loop would eliminate one of an exponential number
of possible assignments.
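
The refinement loop of Figure 7, as an added example that is not code from the paper or from L2: three valves in series, one local diagnoser per valve, with only the last diagnoser holding a sensor. The names `LocalDiagnoser`, `refine`, `valve`, `build_plant` and the variables `f1`, `f2`, `out` are assumptions of this sketch, and it enumerates assignments by brute force in place of a real constraint engine; `centralized` is the brute-force global diagnoser used as a reference.

```python
from itertools import product

MODES = ("normal", "stick")   # domain of an assumption a_i
FLOW = ("zero", "nonzero")    # qualitative flow domain

class LocalDiagnoser:
    """Local diagnoser L with constraints F_L over variables V_L."""
    def __init__(self, name, domains, assumptions, constraint):
        self.name = name
        self.domains = domains                  # V_L -> finite domain
        self.assumptions = sorted(assumptions)  # A_L
        self.constraint = constraint            # F_L as a predicate
        self.rows = []                          # surviving assignments to V_L

    def observe(self, omega):
        """Steps 1-2: apply local observations, keep rows consistent with F_L."""
        names = list(self.domains)
        self.rows = []
        for values in product(*(self.domains[n] for n in names)):
            row = dict(zip(names, values))
            seen = all(row[o] == w for o, w in omega.items() if o in row)
            if seen and self.constraint(row):
                self.rows.append(row)

    def project(self, variables):
        return {tuple(r[v] for v in variables) for r in self.rows}

    def receive(self, variables, allowed):
        """Step 4: drop rows whose shared values no sender row supports."""
        kept = [r for r in self.rows if tuple(r[v] for v in variables) in allowed]
        changed = len(kept) < len(self.rows)
        self.rows = kept
        return changed

    def diagnoses(self):
        return self.project(self.assumptions)

def refine(diagnosers):
    """Steps 3-5: pairwise exchange until no set shrinks; returns messages sent."""
    queue, messages = list(diagnosers), 0
    while queue:
        sender = queue.pop(0)
        for other in diagnosers:
            shared = sorted(set(sender.domains) & set(other.domains))
            if other is sender or not shared:
                continue   # no shared variable: these two never talk
            messages += 1
            if other.receive(shared, sender.project(shared)) and other not in queue:
                queue.append(other)   # step 5: its neighbours must re-check
    return messages

def valve(a, f_in, f_out):
    """Normal valve passes inlet flow, stuck valve blocks it; f_in=None is a live source."""
    def ok(r):
        inlet = "nonzero" if f_in is None else r[f_in]
        return r[f_out] == (inlet if r[a] == "normal" else "zero")
    return ok

def build_plant():
    """Constructed plant: three valves in series, one diagnoser per valve."""
    return [
        LocalDiagnoser("L", {"a1": MODES, "f1": FLOW}, {"a1"},
                       valve("a1", None, "f1")),
        LocalDiagnoser("M", {"a2": MODES, "f1": FLOW, "f2": FLOW}, {"a2"},
                       valve("a2", "f1", "f2")),
        LocalDiagnoser("N", {"a3": MODES, "f2": FLOW, "out": FLOW}, {"a3"},
                       valve("a3", "f2", "out")),
    ]

def distributed(omega):
    ds = build_plant()
    for d in ds:
        d.observe(omega)
    before = {d.name: d.diagnoses() for d in ds}   # conservative sets
    messages = refine(ds)
    return before, {d.name: d.diagnoses() for d in ds}, messages

def centralized(omega):
    """Reference: brute-force global diagnoses projected onto each A_L."""
    ds = build_plant()
    domains = {k: v for d in ds for k, v in d.domains.items()}
    names = sorted(domains)
    rows = []
    for values in product(*(domains[n] for n in names)):
        row = dict(zip(names, values))
        if all(row[o] == w for o, w in omega.items()) and all(d.constraint(row) for d in ds):
            rows.append(row)
    return {d.name: {tuple(r[a] for a in d.assumptions) for r in rows} for d in ds}

if __name__ == "__main__":
    for omega in ({"out": "nonzero"}, {"out": "zero"}):
        before, after, messages = distributed(omega)
        print(omega, before, after, messages, centralized(omega))
```

With `out = nonzero` the sensor reading in N prunes M and then L, although L and N share no variable and never exchange a message; stopping `refine` early leaves each set a superset of the projected global diagnoses.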

Note that we have described the algorithm to propagate
sets of assignments that remain consistent in one local diagnoser
to other diagnosers in which the assigned variables
appear. More generally, we may propagate any information
that allows remote diagnosers to restrict the domain
of a variable based upon inference performed in the
local diagnoser. Examples include assignments that cannot
be made because of constraints within one diagnoser (no-goods),
assignments that must be made, or sets of possible
assignments to a variable that remain consistent. Note also
that this algorithm is not complete with respect to distributed
constraint satisfaction. Intuitively, suppose we have two local
diagnosers, one containing only the constraint $A \lor B$ and
the other containing only the constraint $\lnot A \lor B$. Neither can
constrain and propagate the value of B, though B must be
true. This same restriction applies to the centralized constraint
satisfaction technique used in L2, so we do not believe
it presents a significant drawback. The related work
section contains further details on the relationship between
distributed diagnosis and distributed constraint satisfaction
and why we believe an incomplete algorithm is sufficient.

Communication  Requirements 

When  presented  with  a networked,  embedded  system,  we 
may  perform  centralized  diagnosis  of  the  distributed  system 
by  transmission  of  observations  or  distributed  diagnosis  of 
the  distributed  system  by  transmission  of  intermediate  re- 
sults. Choosing  distributed  diagnosis  allows  us  to  trade  com- 
munication bandwidth  for  reduced  processor  requirements, 
increased  robustness  and  greater  reconfigurability.  In  this 
section,  we  examine  how  the  communication  requirements 
of  the  distributed,  incremental  diagnosis  algorithm  compare 
to  a centralized  approach.  We  first  consider  the  communi- 
cation requirements  of  the  centralized  procedure  shown  in 
Figure  3.  Let  n be  the  number  of  components  and  s be  the 
number of components with sensors. In Step 3 of the procedure,
each of s components forwards its observations to
C. In Step 5, C forwards the diagnostic results to each of n
components. Assuming all observations from a single component
can be sent in a single message, Figure 3 requires
s point to point messages to C and one broadcast message
from C to all n components.

We  now  consider  the  communication  requirements  for  the 
distributed  algorithm  of  Figure  7.  This  algorithm  performs 
distributed  diagnosis  by  exchanging  messages  that  refine  the 
value  of  shared  variables  across  local  diagnosers.  Let  v be 
the  number  of  variables  that  are  shared,  and  r be  the  av- 
erage number  of  diagnosers  that  share  each  variable,  and 
m be  the  average  number  of  messages  exchanged  that  in- 
volve a given  variable.  For  example,  if  each  local  diagnoser 
uses  unit  propagation,  it  can  send  messages  specifying  that 
a variable  must  have  a certain  value  or  cannot  have  a certain 
value, but no messages specifying disjunctions between assignments.
Thus m is bounded by the size of the largest domain
of a shared variable. The increase in messages created
by moving to the distributed diagnosis technique is given by
the  ratio 

vrm 

Note that counting the number of messages exchanged is
not sufficient to determine the cost of communication. In
many applications, such as wireless networks with limited
energy or bandwidth, the number of packets transmitted is a
critical  cost  measure.  Network  topology  will  determine  the 
number  of  packet  transmissions  or  hops  required  to  deliver 
a message.  In  many  applications,  each  node  in  a network 
is  connected  to  a small  number  of  neighbors.  Point  to  point 
communication  is  implemented  by  multiple  hops  between 
neighbors,  and  a broadcast  is  implemented  by  flooding  the 
network. Let $h_c$ be the average distance in hops between a
node with a sensor and the centralized diagnoser. Let $h_v$ be
the average number of hops between nodes that share a variable.
In general, the change in the total number of packet
transmissions required by decentralizing the problem is determined by

$$\frac{v r m h_v}{s h_c + n}$$

Intuitively,  packet  transmission  for  the  centralized  diagnoser 
scales  with  the  size  and  width  of  the  network,  while  the  de- 
centralized approach  scales  with  the  number  of  constraints 
that  cross  network  components.  Note  that  if  the  network 
topology reflects the physical interactions of the components,
it is likely the case that $h_v < h_c$. Thus we can
construct  wide  networks  with  very  localized  interactions  for 
which  centralized  diagnosis  requires  more  packet  transmis- 
sions than  decentralized  diagnosis,  though  we  do  not  expect 
this  to  be  the  case  in  practice.  In  addition  to  total  packet 
transmission,  we  may  further  refine  our  cost  measure  to  in- 
clude the  maximum  number  of  packets  transmitted  by  any 
link  in  the  network.  This  determines  the  minimum  band- 
width or  power  storage  a network  node  must  support.  The 
ratio  02  does  not  capture  that  in  the  centralized  case,  all  mes- 
sages must  pass  through  network  links  connected  to  the  cen- 
tral diagnoser.  This  drives  up  the  minimum  capabilities  of  a 
network node in relation to distributed diagnosis where message
sources and destinations are more evenly distributed
through the system. We are currently defining a diagnostic
model for a distributed sensor network in addition to available
models of more traditional electro-mechanical systems
in order to better characterize the communication requirements
of both distributed and centralized algorithms.

| Scenario | L2 diagnoses | L2 time | Local diagnosers reached (of 24) | Distributed diagnoses | Distributed time |
|---|---|---|---|---|---|
| First module | 6 | 0.02 | 9 | 21 | 0 |
| Two modules | 12 | 0.18 | 14 | 49 | 0 |
| Three modules | 84 | 13.28 | 20 | 343 | 0.05 |
| All modules | 108 | 27.08 | 24 | 637 | 0.22 |

Table 1: Comparison of distributed diagnoser and L2
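
The packet-count comparison from this section, worked on a concrete topology as an added example (not code from the paper). It evaluates v·r·m·h_v against s·h_c + n on a constructed chain network where every node has a sensor, the central diagnoser sits at one end, and each pair of neighbours shares one variable. The value of m, the pairwise averaging used for h_v, and all function names are assumptions.

```python
from collections import deque
from fractions import Fraction

def hops_from(adj, src):
    """Breadth-first hop distance from src to every reachable node."""
    dist = {src: 0}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        for w in adj[u]:
            if w not in dist:
                dist[w] = dist[u] + 1
                queue.append(w)
    return dist

def packet_counts(adj, sensors, center, shared, m):
    """Return (distributed, centralized, ratio) packet transmissions.
    shared maps each shared variable to the nodes whose diagnosers share it;
    m is the assumed average number of messages exchanged per variable."""
    n = len(adj)
    from_center = hops_from(adj, center)
    s_h_c = sum(from_center[x] for x in sensors)   # s * h_c, summed directly
    centralized = s_h_c + n                        # "+ n": flooding broadcast
    v = len(shared)
    r = Fraction(sum(len(nodes) for nodes in shared.values()), v)
    pair_hops = []                                 # hops between sharing nodes
    for nodes in shared.values():
        for i, a in enumerate(nodes):
            dist = hops_from(adj, a)
            pair_hops += [dist[b] for b in nodes[i + 1:]]
    h_v = Fraction(sum(pair_hops), len(pair_hops))
    distributed = v * r * m * h_v
    return distributed, centralized, distributed / centralized

def chain(n):
    """Constructed topology: n nodes in a line, neighbours share one variable."""
    adj = {i: [j for j in (i - 1, i + 1) if 0 <= j < n] for i in range(n)}
    shared = {f"x{i}": [i, i + 1] for i in range(n - 1)}
    return adj, shared

if __name__ == "__main__":
    for n in (4, 20):
        adj, shared = chain(n)
        d, c, ratio = packet_counts(adj, range(n), 0, shared, m=2)
        print(n, d, c, float(ratio))
```

On the short chain the distributed scheme sends more packets than the centralized one, while on the 20-node chain the ratio drops below one, which is the wide-network, localized-interaction case the text describes.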


Results 

To  implement  the  distributed  diagnosis  algorithm  described 
above,  each  local  diagnoser  could  represent  its  conservative 
diagnosis  set  as  a partial  assignment  in  a GDE-style  diag- 
noser, a relational  table,  a binary  decision  diagram  and  so 
on,  so  long  as  the  representation  can  be  efficiently  pruned 
when  an  observation  or  neighboring  diagnoser  decreases  the 
range  of  a variable.  Ideally,  we  would  like  to  test  a central- 
ized diagnoser  against  a set  of  local  diagnosers  that  compute 
and  represent  diagnoses  in  the  same  manner.  For  these  pre- 
liminary results,  we  present  the  performance  of  the  central- 
ized L2  diagnoser  against  a distributed  diagnoser  that  takes 
advantage  of  the  small  local  model  size  enabled  by  distribut- 
ing the  problem.  PARC  intern  Rong  Su  implemented  the 
distributed algorithm using finite-state automata to prune inconsistent
assignments to $V_L$ (Steps 2 and 4 of Figure 7) and
a distributed  consensus  algorithm  (Steps  3 and  5)  shown  to 
converge  to  feasible  diagnoses  (Su  et  al.  2002).  Table  1 
compares  performance  with  L2  on  the  paper  path  model. 
The  first  three  columns  are  the  name  of  the  diagnostic  sce- 
nario, the  diagnoses  found  by  L2,  and  the  time  required. 
Since  the  physical  plant  has  few  sensors,  the  number  of  con- 
sistent diagnoses  grows  with  the  complexity  of  the  scenario. 
The  fourth  column  is  the  number  of  local  diagnosers  reached 
via  Step  3 of  the  algorithm,  out  of  24.  The  fifth  column 
lists  the  number  of  diagnoses  found  by  the  distributed  al- 
gorithm. Note  that  the  FSA-based  algorithm  finds  more  di- 
agnoses than  L2.  L2  is  conflict  based,  and  thus  postulates 
only  those  failures  that  can  eliminate  a discrepancy  between 
an  expected  observation  and  the  observation  received  from 
the plant. The FSA-based algorithm finds all consistent failures,
including those that would be indistinguishable from
proper  operation  of  the  plant.  The  sixth  column  is  the  time 
to  compute  the  diagnoses,  demonstrating  the  dramatic  speed 
advantage,  on  this  model,  of  computing  feasible  local  diag- 
noses via  a pre-compiled  FSA  representation  then  determin- 
ing consistent  combinations  versus  global,  on-line  inference. 
The  current  implementation  runs  each  local  diagnoser  seri- 
ally on  a single  processor,  and  we  believe  a parallel  imple- 
mentation will  provide  a greater  speed  advantage. 


Related  Work 

A diagnoser  for  a networked,  embedded  system  may  be  cen- 
tralized, decentralized  or  distributed.  Work  in  centralized 
diagnosis  may  be  applied  by  collecting  models  and  observa- 
tions from  the  networked  components  of  the  physical  plant 
and applying a centralized algorithm. As described in the
third  section  of  this  paper,  this  raises  robustness  and  scalabil- 
ity issues  that  must  be  addressed.  Rish,  Brodie  and  Ma,  for 
example,  attempt  to  increase  the  efficiency  of  a centralized 
diagnostic  procedure  for  a distributed  network  of  computers 
using  an  approximate  representation  and  carefully  designed 
active  probing  of  the  distributed  system  (Rish,  Brodie,  & Ma 
2002).  In  decentralized  diagnosis,  e.g.  (Debouk,  Lafortune, 
& Teneketzis  2000),  local  diagnosers  communicate  with  a 
coordination process that assembles a global diagnosis. The
coordination process of decentralized approaches is still
subject to robustness and scalability issues. We are therefore
pursuing an approach of distributed diagnosis, similar
to (Baroni et al. 1999), where there is no centralized control
structure or coordination process. Each local diagnoser
communicates  directly  with  other  diagnosers. 

We have formulated the distributed diagnostic process
as a distributed constraint satisfaction problem (DCSP).
Since  many  problems  in  scheduling,  resource  allocation,  and 
hardware  design  can  be  formulated  as  constraint  satisfaction 
problems,  the  distributed  constraint  satisfaction  problem  has 
received  a large  amount  of  attention.  Yokoo  and  Hirayama 
provide  an  excellent  overview  (Yokoo  & Hirayama  2000)  of 
algorithms for solving DCSPs. These existing algorithms
do  not  meet  our  needs  for  two  reasons.  First,  the  great  ma- 
jority of  the  algorithms  are  formulated  assuming  the  com- 
putational nodes  and  network  connecting  the  nodes  are  re- 
liable, and  that  all  messages  sent  between  nodes  arrive  in 
the  order  sent.  For  diagnosis  of  networked,  embedded  sys- 
tems, we  seek  specific  guarantees  of  behavior  in  response  to 
the  loss  of  computing  nodes  or  bifurcation  of  the  network. 
Second,  the  majority  of  DCSP  algorithms  are  designed  to 
solve  general  discrete  constraint  satisfaction  problems,  such 
as  the  graph  coloring  problem.  The  ability  to  solve  general 
CSP  problems  requires  features  that  complicate  distribution, 
such  as  backtracking  on  choices  for  variable  assignments. 
In  practice,  centralized  diagnosers  are  able  to  find  consis- 
tent diagnoses  using  incomplete,  backtrack-free  procedures 
such  as  unit  propagation.  This  difference  arises  because  the 
constraints  we  generate  from  finite  state  models  such  as  il- 
lustrated in  Figure  4 tend  to  be  closer  to  Horn  clauses  in 
structure  than  general  discrete  constraints  and  diagnosis  may 
use  observation  values  asserted  by  the  physical  plant  to  drive 
constraint  processing.  We  therefore  expect  a distributed  di- 
agnoser acting  upon  the  same  models  should  be  able  to  use 
less  powerful  inference  methods  than  full  constraint  satis- 
faction. While  we  have  encountered  full  DCSP  algorithms 
that  allow  some  fault  tolerance,  such  as  the  Mozart  system 
(Roy  1999),  and  some  simpler  constraint  processing  meth- 
ods that  assume  reliable,  fully  connected  networks,  such  as 
distributed  arc  consistency  (Nguyen  & Deville  1998),  we 
have  not  yet  encountered  an  algorithm  that  is  sufficiently 
narrow  in  scope  and  robust  to  failures. 


Future  Work 

A number  of  issues  remain  for  future  work.  The  issue  of 
how  to  use  knowledge  of  the  prior  probability  of  failures  to 
avoid  computing  all  consistent  diagnoses  has  been  explored 
but  not  solved.  The  algorithm  of  Figure  7 also  does  not  take 
into  account  any  information  about  the  likelihood  of  fail- 
ures. We  may  of  course  find  the  set  of  globally  consistent 
diagnoses  and  compute  the  probability  of  each  by  assuming 
conditional  independence  of  the  failures,  as  described  above. 
However, rather than computing the probabilities of all consistent
diagnoses, we might wish to avoid generating unlikely
diagnoses given we have generated a sufficient number
of consistent, likely diagnoses. Conflict-directed, best-
first  search  (de  Kleer  & Williams  1989)  is  a centralized,  dis- 
crete constraint  optimization  algorithm  that  is  specialized  for 
diagnosis.  It  efficiently  enumerates  consistent  assignments 
to  a set  of  propositional  variables  in  order  of  their  cost,  or  in 
this  case  enumerates  diagnoses  in  order  of  their  prior  prob- 
ability. Intuitively,  it  operates  by  starting  with  the  highest 
probability  assignment  to  the  assumptions,  the  case  where 
no  failures  have  occurred.  It  substitutes  a minimal  cost  as- 
signment to  an  assumption  with  a non-minimal  cost  assign- 
ment only  when  a conflict  between  an  observation  value  as- 
signed by  the  plant  and  the  value  predicted  by  the  current 
assumption  assignments  occurs.  Our  current  direction  in 
developing a distributed analog is to begin with a maximum
likelihood (e.g., no failure) assignment to $A_L$ within
each diagnoser L, which in turn constrains the shared variables.
When diagnosers L and M disagree on the value of a
shared  variable  r,  each  performs  a local  diagnosis  to  conser- 
vatively approximate  the  maximum  probability  assignment 
to  the  assumptions  that  would  admit  a different  value  for 
r.  This  information  can  then  be  used  to  limit  propagation 
of  variable  changes  throughout  the  system.  We  have  imple- 
mented a preliminary  version  of  this  system  using  copies  of 
L2  as  the  local  diagnosers  for  the  purposes  of  exploration, 
but we are currently limited to very simple network topologies.
Formalizing a reasonably general algorithm for generating
a conservative estimate of the most likely diagnoses in
a robust,  distributed,  anytime  manner  remains  future  work. 

As  framed  here,  the  distributed  diagnoser  never  computes 
complete  global  diagnoses.  Rather,  at  each  local  diagnoser 
it  computes  feasible  local  diagnoses.  These  are  projections 
of  the  global  diagnoses  that  are  relevant  to  that  diagnoser.  In 
the  case  that  control  of  the  plant  is  distributed,  we  believe 
this  is  appropriate.  Each  processing  node  uses  the  possible 
states  of  its  components,  as  determined  by  the  feasible  local 
diagnoses,  to  inform  its  control.  However,  even  when  per- 
forming distributed  diagnosis  of  a distributed  system,  com- 
putation of  the  global  diagnoses  may  be  of  interest  for  pur- 
poses such  as  centralized,  supervisory  control  or  display  to  a 
user.  We  note  that  simply  taking  the  cross-product  of  the  fea- 
sible diagnoses  produced  by  each  local  diagnoser  will  result 
in  a superset  of  the  global  diagnoses.  Some  combinations 
of  the  cross-product  may  not  appear  in  any  consistent  global 
diagnosis.  If  the  consistent  global  diagnoses  are  needed,  we 
may  compute  them  by  checking  combinations  of  local  feasi- 
ble diagnoses  from  multiple  diagnosers  against  a combined 
model using a linear-time technique such as unit propagation.
This can be done hierarchically and in parallel, allowing
us to rule out inconsistent partial combinations of local
diagnoses  in  order  to  avoid  explicitly  checking  all  combina- 
tions. Intuitively  and  from  initial  experiments,  we  suspect 
for  many  problems  this  technique  would  be  a competitive 
method  for  producing  all  consistent  global  diagnoses.  In 
fact,  the  performance  numbers  for  the  FSA-based  distributed 
algorithm  shown  in  Table  1 are  for  both  computing  the  con- 
servative and  feasible  local  diagnoses  for  each  local  diag- 
noser and  then  computing  the  globally  consistent  combina- 
tions of  these  local  diagnoses.  Formalizing  this  technique 
and  more  thoroughly  investigating  its  effectiveness  remain 
future  work. 

Conclusion 

We  have  developed  a distributed  diagnosis  framework  that 
leverages  the  topology  of  the  physical  plant  to  limit  inter- 
diagnoser  communication  and  compute  consistent  diagnoses 
in  an  anytime  and  any  information  manner,  making  it  ro- 
bust to  communication  and  processor  failures.  The  frame- 
work is  conservative,  in  that  it  avoids  false  negatives  in  fa- 
vor of  false  positives  in  the  case  where  computation  cannot 
be  completed  due  to  limited  time  or  communication  failure. 
This  property  can  be  vital  in  applications  where  safety  is 
critical.  In  addition  to  being  anytime  and  conservative,  our 
approach  allows  a very  small  granularity  for  the  local  di- 
agnosers. We  can  potentially  create  a diagnoser  per  physi- 
cal component  if  desired.  This  flexibility  allows  us  to  con- 
sider time/space/communication  tradeoffs  that  implement 
each  local  diagnoser  as  an  exponentially  large  (in  the  small 
local  model  size)  structure  that  enables  diagnosis  to  be  per- 
formed collaboratively  on  very  weak  networked  processors. 
One implementation of the distributed algorithm for finding
consistent diagnoses has been built using a discrete-event
formulation and tested on one model. Our future work
includes  implementations  of  the  algorithm  using  binary  de- 
cision diagrams  and  the  unit  propagation  implementation  of 
L2  to  compute  locally  consistent  assignments.  The  latter 
will  allow  direct  comparison  of  centralized  and  distributed 
implementations  of  the  same  diagnostic  technique  on  a va- 
riety of  problems  modeled  for  L2.  We  are  also  continuing 
to  extend  the  formulation  to  include  optimization-based  dis- 
tributed diagnosis. 